Who Dares Wins

“Who Dares Wins” is the motto of the British SAS (Special Air Service), and it has also been adopted by another eleven elite special forces units around the world. If we applied this slogan in our organisations and projects, it could change the way we manage risk in the following four ways:

1. Find more opportunities.

Typically, about 80% of the risks recorded in Risk Registers are threats (negative risks), with only 20% opportunities (positive risks). Adopting a “Who Dares Wins” attitude will encourage the inclusion of more opportunities. Even if we don’t completely reverse the 80/20 balance, we should fundamentally change the attitudes of internal stakeholders towards risk identification. They would no longer attempt only to maximise protection against all imaginable threats, but instead they would optimise risk exposure by aiming to capture the gains offered by opportunities. To promote this approach, ask your teams to view their business or project as a bank account. Every threat corresponds to a withdrawal or an additional charge, and each opportunity is a deposit or added income. Most people understand that, to preserve and enhance the overall value of their account, it is more effective to focus on increasing gains than to put all of their effort into reducing charges.

2. Opportunity-based risk thresholds.

If we want to focus on searching proactively for opportunities rather than simply protecting ourselves from threats, we need to encourage people to take risks. This raises the question of how far we can go in risk-taking. Asking people to take risks requires us to define the limits of what is acceptable. All business investments and projects are carried out to create value for stakeholders. Risk thresholds can only be determined by considering both value creation and value destruction for the organisation. The motto “Who Dares Wins” would encourage management and sponsors to define acceptable risk thresholds clearly, based on the anticipated value, and it would allow teams to concentrate on maximising value creation through controlled risk-taking within those limits.

3. Value-focused risk management.

In order to follow the principle of “Who Dares Wins”, we need to know what winning means. Businesses and projects must have a clear understanding of what type of value they seek to create, what creates that value, and for whom. The International Institute of Business Analysis (IIBA, www.iiba.org) defines value as “any desirable result for a stakeholder in a [given] context.” Once the anticipated value is well-defined in a “business value model”, we can focus our risk process on enhancing the main value-creating opportunities, while at the same time addressing the principal threats that would undermine value for stakeholders. For projects, the business value model needs to be developed during project initiation, supported by the sponsor, regularly reviewed, communicated and shared with the team. The risk management process can then be aligned with the value criteria described in the model. Definitions of impact levels should cover all the value criteria identified in the model, including value for suppliers, for partners, for the teams, for client stakeholders, etc.

4. Success-oriented risk response planning.

In the traditional threat-based approach to risk management, people aim to protect themselves at all costs. This purely precautionary approach is always inefficient, as we end up protecting ourselves from things that are unlikely to happen, and we overestimate the amount of protection we need. However, with “Who Dares Wins”, the focus is on taking action in order to win, rather than hoping not to lose! This positive fighting attitude helps us to commit resources to developing and implementing effective risk responses. If we also focus our action plans on creating value, it will create a win-win situation with the stakeholders involved.

Adopting the motto “Who Dares Wins” for risk management will make it easier for organisations and their project teams to consider opportunities before threats, and to focus risk management on the creation and protection of value for all stakeholders. It works for the special forces, and it can work for our organisations and projects too!